Effective: July 2022
1. IMPORTANT NOTICE
Data controllers that are part of a group of undertakings or institutions affiliated to a central body have a legitimate interest in transmitting personal data within the group of undertakings for internal administrative purposes, including the processing of clients’ personal data. The Group utilizes various centrally managed information technology systems and solutions.
Where legal entities within the Group jointly determine the purpose and means of data processing, their respective responsibilities as joint controllers for compliance with the obligations under the respective data privacy laws, in particular as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to (for example, in Articles 13 and 14 of the GDPR), are regulated by means of an intra-group data processing contract. A summary of such an arrangement may be provided to you by way of a written request sent to firstname.lastname@example.org.
2. HOW TO CONTACT US
If you wish to correct your personal data held by us, please contact us at email@example.com.
You may also opt out of receiving marketing communications from us or alter your marketing preferences by sending us an email to firstname.lastname@example.org, or by unsubscribing through the “unsubscribe” or “opt out” link in any marketing email.
If you need to contact us in connection with our use or processing of your personal data, or gain access to it, you can email us at email@example.com.
3. TYPES OF PERSONAL DATA WE COLLECT
HEXCOM processes various types of personal data about the people we interact with when conducting our business or operating our various web presences and other communication channels.
Depending on the individual case, this may comprise the following types of personal data:
HEXCOM processes the following categories of personal data as contact data: first name, last name, email addresses, postal address/location (country, state/province, city), telephone numbers.
Personal data related to the business relationship with HEXCOM
In the context of established business relationships, HEXCOM processes the business partner’s company name, industry, your job title and role, department and function and your company’s relationship history to HEXCOM. If you provide a credit card number or bank details to order products or services, HEXCOM will collect this information to process your payment for the requested products or services.
Compliance related personal data
If required by statutory law or regulation, HEXCOM may process data categories like date of birth, academic credentials, identity cards or other ID numbers, geolocation, business partner relevant information about, e.g., significant litigation or other legal proceedings, and other export control or customs compliance relevant information.
Data generated through your use of, or participation in, HEXCOM’s internet pages, web, or online offerings
HEXCOM processes certain user related information, e.g., info regarding your browser, operating system, or your IP address when you visit HEXCOM’s web properties. We also process information regarding your use of our web-offerings, like the pages you visit, the amount of time you spend on a page, the page which has referred you to our page and the links on our sites you select.
HEXCOM may process your contact data as set out above and other information which you may provide directly to HEXCOM if you register for any of HEXCOM’s events or other web services.
When you participate in webinars, virtual seminars, events, or other HEXCOM web services, HEXCOM may process your interactions with the relevant web service to organise the event including its sessions, polls, surveys, or other interactions between HEXCOM and/or its participants. Depending on the event and subject to a respective notification of the participants, HEXCOM may collect audio and video recordings of the event or session.
Personal data necessary for customer satisfaction
To the extent permitted by law or based on your consent, HEXCOM may combine the information we collect either directly or indirectly about specific users to ensure the completeness and correctness of the data and to help us better tailor our interactions with you and determine the information which best serves your respective interest or demand.
We may also create personal data about you. For example, if you contact us by telephone to make a complaint about our services or products, then we may make a written record of key details of the conversation so that we can take steps to address the complaint.
We do not sell your personal data.
4. THE SOURCES FROM WHICH WE OBTAIN YOUR PERSONAL DATA
We obtain your personal data from the following sources:
Directly from you, either in person (at our locations or otherwise), via our website, by email, or by telephone or via handheld devices. This could include personal data which you provide when you:
(a) place an order for our products or services;
(b) request HEXCOM documentation from our website or our partners’ websites;
(c) subscribe to our publications;
(d) request information on our products or services or for other marketing to be sent to you;
(e) enter into a competition or promotion;
(f) complete a survey from us or give us feedback;
(g) register to attend our seminars or events; or
(h) download our product documentation or other resources available on our website or app.
We may automatically collect certain personal data about your equipment, browsing actions and patterns by using cookies, server logs and other similar technologies. Please see Section 15 for further details.
Third parties, such as:
(a) analytics providers;
(b) survey providers;
(c) advertising networks;
(d) search information providers;
(e) providers of technical, payment and delivery services;
(f) data brokers or aggregators;
(g) content providers;
(h) providers of social media platforms;
(i) Vimeo and YouTube; and
(j) third-party syndication and media partners.
5. HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT
a) Where we are relying on a basis other than consent
We may rely on one or more of the following legal bases when processing your personal data. We have set out below the purposes for which we may process your personal data and the legal basis for each:

| Purposes for which we process your personal data | The basis on which we can do this (this is what the law allows) |
| --- | --- |
| To register you or your company as a new customer and process your order. | The processing is necessary: To perform a contract with you; and our legitimate interest in the provision of products and services to our guests. |
| In order to perform our contractual obligations to you. This would include: Processing, providing and performing any products, services or other orders placed by you; orders placed by us where you are a supplier; making or receiving payments, fees and charges; and collecting and recovering money owed. | The processing is necessary: To perform any contract entered into with you; and our legitimate interest in recovering debts owed to us. |
| In order to make suggestions and recommendations to you about products or services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising. | The processing is necessary for our legitimate interests to study how guests use our products/services, to develop our products and services and ensure our marketing is relevant to you, to grow our business and to inform our marketing strategy. |
| For internal purposes to use data analytics, to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and to improve our website, for internal research, technological demonstration and development, and to help HEXCOM create, develop, operate, deliver, improve, upgrade or enhance HEXCOM products and services, marketing, customer relationships and experiences. | The processing is necessary for our legitimate interests in defining types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy. |
| To communicate with you about, and administer your participation in, seminars and other special events, programs, and promotions. | The processing is necessary: For performance of a contract with you; and necessary for our legitimate interests to promote our business. |
| To sell, make ready for sale or dispose of our business in whole or in part including to any potential buyer or their advisers. | The processing is necessary for our legitimate interests in the sale or disposal of our business or assets. |

Where we refer above to GDPR Article 6.1 (f) and consequently HEXCOM’s legitimate business interest as our legal permission to process your personal data, HEXCOM is pursuing its legitimate business interests:
- to efficiently manage and perform its business operations,
- to maintain and operate intelligent and sustainable business processes in a group structure optimized for the division of labor and in the best interest of our employees, customers, partners, and shareholders,
- to operate sustainable business relationships with HEXCOM customers and partners including you (each of which as further set out below),
- to serve you with the best possible user experience when using HEXCOM’s web services,
- to comply with extraterritorial laws and regulations, or
- to assert or defend itself against legal claims.
We believe that our interest in pursuing these business purposes is legitimate and thereby not outweighed by your personal rights and interest to refrain from processing. In any of these cases, we duly factor into our balancing test:
- the business purpose reasonably pursued by HEXCOM in the given case,
- the categories, amount and sensitivity of personal data that is necessarily being processed,
- the level of protection of your personal data which is ensured by means of our general data protection policies, guidelines, and processes,
- and the rights you have in relation to the processing activity.
If you wish to obtain further information on this approach, please contact us at firstname.lastname@example.org.
When ensuring compliance with applicable laws and regulations, a Group entity may process your personal data based on:
- GDPR Article 6.1 (c) if necessary, to fulfill legal requirements under European Union or EU Member State law to which HEXCOM is subject,
- GDPR Article 6.1 (f) if necessary, to fulfill laws and regulations extraterritorial to the EU (legitimate interest to comply with extraterritorial laws and regulations),
- or the equivalent articles under other national laws, when applicable.
When tracking and evaluating the usage behavior of users of our web services by means of cookies or similar technologies, HEXCOM is processing your personal data on the basis of the following legal permissions:
- GDPR Article 6.1 (a) if it is necessary that we ask you for your consent to process your personal data,
- GDPR Article 6.1 (b) if necessary to fulfill (pre-)contractual obligations with you,
- GDPR Article 6.1 (f) if necessary to fulfill (pre-)contractual obligations with the company or other legal body you represent as a customer contact (legitimate interest to efficiently perform or manage HEXCOM’s business operation),
- or equivalent legal permissions under other relevant national laws, when applicable.
b) Where we may rely on consent
We may use your personal data for a variety of different purposes. For certain of these purposes it is appropriate for us to obtain your prior consent. These purposes include:
- where we would like to use photos or images taken of you in promotional materials;
- where we or our carefully selected third parties have new products and services which we think you will be interested in; or
- where an opportunity arises to work for or with us.
The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
You may at any time withdraw the specific consent you give to our processing your personal data by sending us an email to email@example.com.
Please note that even if you withdraw consent for us to use your personal data for a particular purpose, we may continue to rely on other bases to process your personal data for other purposes.
6. WHO RECEIVES YOUR PERSONAL DATA
Your personal data may be passed on to the following categories of third parties:
Third party service providers
HEXCOM may engage third party service providers to process personal data on HEXCOM’s behalf, e.g., for consulting or other services, marketing and advertising platforms, and data analytics platforms, other IT infrastructure, IT services, the provision of the website, the fulfillment and provisioning of offers from HEXCOM or newsletter dispatch. These service providers may receive or be granted access to personal data when rendering their services and will constitute recipients within the meaning of the relevant data privacy law, including GDPR.
HEXCOM may share your personal data with designated partner companies to provide you the product or service you have requested.
7. PERSONAL DATA ABOUT OTHER PEOPLE WHICH YOU PROVIDE TO US
8. ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current, and we take all reasonable precautions to ensure that this is the case, but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us, either by logging onto your account on the website or by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
9. INTERNATIONAL TRANSFERS OF PERSONAL DATA
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the country or area in which it was collected (e.g., transferred from the European Economic Area to the United States, and stored and processed in the United States).
In connection with such transfers, the relevant safeguards in place are the standard data protection contractual clauses between us and the recipient. A copy (redacted to remove commercial or irrelevant information) can be obtained by emailing us at firstname.lastname@example.org. You may also obtain more information from the European Commission on the international dimension of data protection.
10. HOW LONG WE WILL STORE YOUR PERSONAL DATA
HEXCOM will store your personal data taking into account the following:
- the purpose(s) for which we are processing your personal data, such as whether it is necessary to continue to store that data in order to continue to perform our obligations under a contract with you or for our legitimate interests;
- whether we have any legal obligation to continue to process your data, such as any record-keeping, accounting or tax obligations imposed by applicable law; and
- whether we have any legal basis to continue to process your personal data, such as your consent.
For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact us at email@example.com.
11. YOUR CONTRACTUAL OR STATUTORY REQUIREMENTS TO PROVIDE PERSONAL DATA
In certain circumstances the provision of personal data by you is a requirement to comply with the law or a contract, or necessary to enter into a contract.
It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If you do not provide your personal data, we may not be able to perform to the level you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you at all because we rely on the personal data you provide in order to do so.
12. AUTOMATED DECISION MAKING
We use automated decision making in our processing of your personal data. We use the following logic in our marketing automation platforms to profile your website activity, certain aspects of your company as well as certain personal data in our databases. This includes (but is not limited to) the application of profiling data to your personal profile. Personal data used to profile you will include your job title, seniority, and web page visits and other details about your employer. We use such automated decision making to determine whether we believe a particular marketing campaign or program is applicable to you.
13. YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
Right to access, correct and delete
You can request from HEXCOM at any time access to information about which personal data HEXCOM processes about you and, if necessary, the correction or deletion of such personal data. Please note, however, that HEXCOM can or will delete your personal data only if there is no statutory obligation or prevailing right of HEXCOM to retain it.
Right to receive personal data back from HEXCOM
If HEXCOM uses your personal data based on your consent or to perform a contract with you, you can further request from HEXCOM a copy of the personal data you provided to HEXCOM. In this case, please contact firstname.lastname@example.org and specify the information or processing activities to which your request relates, the format in which you would like to receive the personal data, and whether it should be sent to you or another recipient. HEXCOM will carefully consider your request and discuss with you how it can best be fulfilled.
Right to restrict
You can request that HEXCOM restrict your personal data from further processing in any of the following events:
- you state the personal data about you is incorrect, subject to the time HEXCOM requires to check the accuracy of the relevant personal data,
- there is no legal basis for HEXCOM to process your personal data and you demand that HEXCOM restrict your personal data from further processing,
- HEXCOM no longer requires your personal data, but you state you require HEXCOM to retain such data to claim or exercise legal rights or to defend against third party claims, or
- in case you object to the processing of your personal data by HEXCOM based on HEXCOM’s legitimate interest (as further set out below), subject to the time required for HEXCOM to determine whether it has a prevailing interest or legal obligation in processing your personal data.
Right to object
If and to the extent HEXCOM is processing your personal data based on HEXCOM’s legitimate interest, specifically where HEXCOM pursues its legitimate interest to engage in direct marketing or to apply profiling in relation to direct marketing, you have the right to object to such a use of your personal data at any time. When you object to HEXCOM’s processing of your personal data for direct marketing purposes, HEXCOM will immediately cease to process your personal data for such purposes. In all other cases, HEXCOM will carefully review your objection and cease further use of the relevant information, subject to HEXCOM’s compelling legitimate grounds for continued use of the information, which may override your interest in objecting, or if HEXCOM requires the information for the establishment, exercise, or defense of legal claims.
Right to revoke consent
Wherever HEXCOM is processing your personal data based on your consent, you may at any time withdraw your consent by unsubscribing or giving us respective notice of withdrawal. In case of withdrawal, HEXCOM will not process personal data subject to this consent any longer unless legally required to do so. In case HEXCOM is required to retain your personal data for legal reasons, your personal data will be restricted from further processing and only retained for the term required by law. However, any withdrawal has no effect on past processing of personal data by HEXCOM up to the point in time of your withdrawal.
Right to lodge a complaint
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in Section 2.
14. LINKS TO OTHER SITES
Most of the cookies we use are called “session cookies”. They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit our website.
16. REGIONAL SPECIFIC PROVISIONS
Where HEXCOM is subject to privacy requirements in the EU, EEA, or other GDPR relevant countries:
The Data Protection Officer for HEXCOM is located at Christchurch, New Zealand. Written inquiries, requests or complaints may be addressed to email@example.com.
Where HEXCOM is subject to certain privacy requirements in the United States in the State of California, the following also applies:
Do Not Track. Your browser may allow you to set a “Do not track” preference. Unless otherwise stated, our sites do not honor “Do not track” requests. However, you may elect not to accept cookies by changing the designated settings on your web browser or, where available, by referring to our Cookie Statement. Cookies are small text files placed on your computer while visiting certain sites on the Internet used to identify your computer. If you do not accept cookies, you may not be able to use certain functions and features of our site. This site does not allow third parties to gather information about you over time and across sites.
You have the right:
- to request from HEXCOM access to your personal data that HEXCOM collects, uses, or discloses about you;
- to request that HEXCOM delete personal data about you;
- to opt out of the use or disclosure of your sensitive personal information;
- to non-discriminatory treatment for exercise of any of your data protection rights;
- if you request access to your personal data, for such information to be portable, if possible, in a readily usable format that allows you to transmit this information to another recipient without hindrance.
In accordance with the disclosure requirements under the California Consumer Privacy Act (“CCPA”), HEXCOM does not and will not sell your personal data or otherwise permit the use of your information for any kind of cross-context behavioral advertising. In accordance with the verification process set forth in the CCPA, HEXCOM will require a more stringent verification process for deletion requests, or for personal data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your personal data. If HEXCOM must request additional information from you outside of information that is already maintained by HEXCOM, HEXCOM will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.
In addition to contacting HEXCOM at firstname.lastname@example.org, you may also exercise your rights as follows:
- You can also designate an authorized agent to submit requests to exercise your data protection rights to HEXCOM. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.